<div dir="ltr">Thanks, Ivan - really appreciate your response!<div><br></div><div>We are reviewing the ticket you referenced. It does look the same LDAP error messaging is being reported. We are considering the scope of and effort behind an upgrade.</div><div><br></div><div>Per your first comment in that ticket, we may attempt re-uploading the resource XML first.</div>> There is a chance that this was caused by something "else": either the Resource was somehow "corrupted" in repository or memory. After reuploading the resource XML AND restarting all midPoint nodes, this error seems to stop.<br><br>Will report back once we've had a chance to consider these options and let the community know of the outcome.<div><span style="color:rgb(23,43,77);font-family:-apple-system,system-ui,"Segoe UI",Roboto,Oxygen,Ubuntu,"Fira Sans","Droid Sans","Helvetica Neue",sans-serif;font-size:14px"></span></div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div style="text-align:left"><br></div><div style="text-align:left">Brandon Powers</div><div><div style="text-align:left"><span>Exclamation Labs</span></div><span><div style="text-align:left">300 Washington Street</div></span><span><div style="text-align:left">Cumberland, MD 21502</div></span><div><a value="+18885455008" style="color:rgb(17,85,204)" href="tel:888.545.5008" target="_blank">888.545.5008</a><span style="color:rgb(34,34,34)"> or </span><a value="+13017225008" style="color:rgb(17,85,204)" href="tel:301.722.5008+ext+144" target="_blank">301.722.5008 ext 144</a></div><span><div style="text-align:left">fax <a value="+13017222183" style="color:rgb(17,85,204)">301.722.2183</a></div></span><div><a href="mailto:brandon@exclamationlabs.com" style="color:rgb(17,85,204)" target="_blank">brandon@exclamationlabs.com</a></div><span><div style="text-align:left"><a href="mailto:brandon@exclamationlabs.com" style="color:rgb(17,85,204);font-size:13px" target="_blank">www.exclamationlabs.com</a></div></span></div></div></div></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 25, 2020 at 2:07 AM Ivan Noris via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi Brandon,</p>
<p>could be this? <a href="https://jira.evolveum.com/browse/MID-6439" target="_blank">https://jira.evolveum.com/browse/MID-6439</a></p>
<p>We had this issue too, but it seems to not happen again with
midPoint 4.2 and more important - newest AD connector 3.1.</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div>On 24. 11. 2020 23:06, Brandon Powers
via midPoint wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hey MidPoint Community!
<div><br>
</div>
<div>We are currently struggling with an Active Directory
Connector/connectivity issue that we have not encountered in
any other midPoint implementation to date, and hoping someone
may be able to shed some light or provide some guidance.</div>
<div><br>
</div>
<div><b>Short Summary:</b></div>
<div>Receiving the following error <i>occasionally</i> when
importing many Active Directory accounts using the Active
Directory (LDAP) Connector.</div>
<div><b>Error Message:</b> In order to perform this operation a
successful bind must be completed on the connection.</div>
<div><b><br>
</b></div>
<div><b>Context:</b></div>
<div>MidPoint Version: 3.9</div>
<div>Active Directory Resource defined using the Active
Directory Connector (LDAP): <a href="https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393" target="_blank">https://wiki.evolveum.com/pages/viewpage.action?pageId=22741393</a></div>
<div>Active Directory Connector Version: 2.0</div>
<div>Active Directory</div>
<div><br>
</div>
<div>Issue is not with the bind credentials themselves -
connection works otherwise: Test connection is successful;
recomputing individual users (even those that the issue shows
up for during import); manually importing AD objects (users,
groups) all work fine.</div>
<div><br>
</div>
<div><b>Where we do have the issue:</b></div>
<div>- When running import task for Active Directory resource
including ~320 user accounts</div>
<div>- Issue appears consistently during each import attempt,
but inconsistently on varying user accounts</div>
<div>- When the bind error occurs with both domain controllers,
it halts the import and import task fails</div>
<div>- During import, midPoint is generally able to import most
user accounts before the issue starts manifesting</div>
<div><br>
</div>
<div><b>Stacktrace:</b></div>
<div>2020-11-24 02:34:19,110 [] [midPointScheduler_Worker-8]
ERROR
(com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil):
ConnId Exception
org.identityconnectors.framework.common.exceptions.ConnectorIOException
in connector:a399ee77-234c-4ae3-9880-65d557a67bc6(ConnId
com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0):
ConnectorSpec(<a>resource:b09f29e2-aeec-40de-9c49-66d6bab62d18(Active</a>
Directory (LDAP)), name=null,
oid=a399ee77-234c-4ae3-9880-65d557a67bc6): LDAP error during
search: operationsError: 000004DC: LdapErr: DSID-0C0907E9,
comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v2580? (1)<br>
org.identityconnectors.framework.common.exceptions.ConnectorIOException:
LDAP error during search: operationsError: 000004DC: LdapErr:
DSID-0C0907E9, comment: In order to perform this operation a
successful bind must be completed on the connection., data 0,
v2580? (1)<br>
at
com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:580)<br>
at
com.evolveum.polygon.connector.ldap.search.SimplePagedResultsSearchStrategy.search(SimplePagedResultsSearchStrategy.java:239)<br>
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.searchUsual(AbstractLdapConnector.java:691)<br>
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:497)<br>
at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:130)<br>
at
org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:197)<br>
at
org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:133)<br>
at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown
Source)<br>
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
at java.lang.reflect.Method.invoke(Method.java:498)<br>
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:99)<br>
at com.sun.proxy.$Proxy219.search(Unknown Source)<br>
at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown
Source)<br>
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
at java.lang.reflect.Method.invoke(Method.java:498)<br>
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)<br>
at com.sun.proxy.$Proxy219.search(Unknown Source)<br>
at sun.reflect.GeneratedMethodAccessor1098.invoke(Unknown
Source)<br>
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
at java.lang.reflect.Method.invoke(Method.java:498)<br>
at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165)</div>
<div><br>
</div>
<div>Has anyone seen this issue before or have any ideas?
Because the import fails, it causes issues with other
resources and processes.</div>
<div><br>
</div>
<div>Appreciate any advice anyone has to offer!<br clear="all">
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div style="text-align:left"><br>
</div>
<div style="text-align:left">Brandon Powers</div>
<div>
<div style="text-align:left"><span>Exclamation
Labs</span></div>
<span>
<div style="text-align:left">300
Washington Street</div>
</span><span>
<div style="text-align:left">Cumberland,
MD 21502</div>
</span>
<div><a value="+18885455008" style="color:rgb(17,85,204)" href="tel:888.545.5008" target="_blank">888.545.5008</a><span style="color:rgb(34,34,34)"> or </span><a value="+13017225008" style="color:rgb(17,85,204)" href="tel:301.722.5008+ext+144" target="_blank">301.722.5008
ext 144</a></div>
<span>
<div style="text-align:left">fax <a value="+13017222183" style="color:rgb(17,85,204)">301.722.2183</a></div>
</span>
<div><a href="mailto:brandon@exclamationlabs.com" style="color:rgb(17,85,204)" target="_blank">brandon@exclamationlabs.com</a></div>
<span>
<div style="text-align:left"><a href="mailto:brandon@exclamationlabs.com" style="color:rgb(17,85,204);font-size:13px" target="_blank">www.exclamationlabs.com</a></div>
</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>